(This is not a question but rather my notes on connecting to an SSL server using JDBC and client certificates).
As a side note, client certificates are mandatory for user root (and recommended anyways in various cases).
Given a running, secured cluster, and assuming a client certificate has been created as described in
The only catch for connecting using JDBC is that the postgresql driver doesn’t read PEM certs or keys.
Rather we’ll convert the cert to the DER format and the key to PKCS#8:
```
openssl x509 -in maxroach.cert -inform pem -outform der -out maxroach.der
openssl pkcs8 -topk8 -inform PEM -outform DER -in maxroach.key -out maxroach.key.pk8 -nocrypt
```
We’ll then use those files in the cockroach URL:
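```java
import java.sql.Connection;
import java.sql.DriverManager;

// Paths to the DER cert and PKCS#8 key are URL-encoded: "/" becomes "%2F".
String url = "jdbc:postgresql://cockroach-host:26257/lefty?user=maxroach"
    + "&sslcert=path%2Fto%2Fmaxroach.der"
    + "&sslkey=path%2Fto%2Fmaxroach.key.pk8"
    + "&sslmode=require&ssl=true";

// Connect to the database.
Connection conn = DriverManager.getConnection(url);
```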
Also note that in my experience cockroach wouldn’t recognize the user from the certificate so we just included the ?user=maxroach part in the URL.
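
The following is an added example, not part of the original notes: it checks that the converted key really is unencrypted PKCS#8 DER before connecting, passes the settings as `Properties` so no URL-encoding of paths is needed, and uses `sslmode=verify-full` so the driver also validates the server certificate. The class name, the `certs` directory, the `ca.crt` file name and the RSA key type are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class SecureConnect {
    // Reject PEM input early and confirm the key parses as unencrypted PKCS#8 DER.
    static void requirePkcs8Der(Path key) throws Exception {
        byte[] raw = Files.readAllBytes(key);
        String head = new String(raw, 0, Math.min(raw.length, 10), StandardCharsets.US_ASCII);
        if (head.startsWith("-----BEGIN")) {
            throw new IllegalArgumentException(
                key + " is PEM; convert it with: openssl pkcs8 -topk8 -outform DER -nocrypt");
        }
        // Assumption: RSA key. Throws InvalidKeySpecException if the bytes are not PKCS#8 DER.
        KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(raw));
    }

    static Connection connect(Path certDir) throws Exception {
        Path key = certDir.resolve("maxroach.key.pk8");
        requirePkcs8Der(key);

        Properties props = new Properties();
        props.setProperty("user", "maxroach");
        props.setProperty("sslcert", certDir.resolve("maxroach.der").toString());
        props.setProperty("sslkey", key.toString());
        // Assumption: the cluster CA certificate is available as ca.crt in the same directory.
        props.setProperty("sslrootcert", certDir.resolve("ca.crt").toString());
        // verify-full validates the server's chain and host name; with pgjdbc,
        // sslmode=require encrypts the session but does not validate the server certificate.
        props.setProperty("sslmode", "verify-full");
        return DriverManager.getConnection("jdbc:postgresql://cockroach-host:26257/lefty", props);
    }

    public static void main(String[] args) throws Exception {
        // Directory holding maxroach.der, maxroach.key.pk8 and ca.crt (defaults to ./certs).
        try (Connection conn = connect(Path.of(args.length > 0 ? args[0] : "certs"))) {
            System.out.println("connected as " + conn.getMetaData().getUserName());
        }
    }
}
```

With `verify-full` the host name in the JDBC URL must match a name in the server certificate, otherwise the connection is refused.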